BID:9680

TransSoft Broker FTP Server Denial of Service Vulnerabilities

Info

TransSoft Broker FTP Server Denial of Service Vulnerabilities

Bugtraq ID:	9680
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2004-0295 CVE-2004-0296
Remote:	Yes
Local:	No
Published:	Feb 17 2004 12:00AM
Updated:	Jul 12 2009 03:06AM
Credit:	The disclosure of these issues has been credited to Beyond Security's SecurITeam <[email protected]>.
Vulnerable:	TransSoft Broker FTP Server 6.1 .0.0

Not Vulnerable:

Discussion

TransSoft Broker FTP Server Denial of Service Vulnerabilities

It has been reported that Broker FTP Server may be prone to multiple denial of service vulnerabilities. These issues may allow a remote attacker to cause the software to crash or hang.

Broker FTP Server version 6.1.0.0 has been reported to be prone to these issues, however, other versions may be affected as well.

Exploit / POC

TransSoft Broker FTP Server Denial of Service Vulnerabilities

The following exploit code has been provided:

/data/vulnerabilities/exploits/brokerftp_dos.pl

Solution / Fix

TransSoft Broker FTP Server Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

TransSoft Broker FTP Server Denial of Service Vulnerabilities

References:

Broker FTP Server (TransSoft)
Broker FTP DoS (Message Server)=?iso-8859-1?q?=0A?= (Aviram Jenik )